On Fri, 02 Sep 2005 12:24:54 BST, Adam Funk writes:
>Sometimes the interval between "Did not receive" and the first "Failed
>password" is as long as 20 minutes. Why do the SSH cracking programs
>omit the string the first time, and why do they wait a while after
>that to start trying userids and passwords?
Probably becasue at first they do a sweep and look where port 22 is at
least open, before they start with "real" cracking attempts.
cheers,
&rw
--
/ Ing. Robert Waldner | Security Engineer | CoreTec IT-Security \
\ <rw@coretec.at> | T +43 1 503 72 73 | F +43 1 503 72 73 x99 /